From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-130153-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1RHdht-0004A2-9Q
	for garchives@archives.gentoo.org; Sat, 22 Oct 2011 15:41:57 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id A9F2A21C13F;
	Sat, 22 Oct 2011 15:41:43 +0000 (UTC)
Received: from mail-wy0-f181.google.com (mail-wy0-f181.google.com [74.125.82.181])
	by pigeon.gentoo.org (Postfix) with ESMTP id 836FE21C06B
	for <gentoo-user@lists.gentoo.org>; Sat, 22 Oct 2011 15:40:48 +0000 (UTC)
Received: by wyh5 with SMTP id 5so5832253wyh.40
        for <gentoo-user@lists.gentoo.org>; Sat, 22 Oct 2011 08:40:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=from:reply-to:to:subject:date:user-agent:references:in-reply-to
         :mime-version:content-type:content-transfer-encoding:message-id;
        bh=WBr/k9rHHHIXnFSvMY/hLfz5nAtyP1RPRr1DaGt0jHI=;
        b=LOBeDVtlql0bShXRtRFOKYaIlNCo799koZhE3PblMr9FxL8tVpGK0vX4qCbx3OqXlE
         nw5CC0uxz+vFEsJ5I45WuFWK97AKAkZf0OSjjgBoqgzSoj1q3ucGSef6Vo7V5xHiSyax
         BRbaHyfKrdJ7AN/l31ZRoBVXkJjiCnIHEKjwY=
Received: by 10.216.221.34 with SMTP id q34mr6218488wep.99.1319298047674;
        Sat, 22 Oct 2011 08:40:47 -0700 (PDT)
Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230])
        by mx.google.com with ESMTPS id es5sm28171371wbb.11.2011.10.22.08.40.46
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sat, 22 Oct 2011 08:40:47 -0700 (PDT)
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Which desktop antivirus?
Date: Sat, 22 Oct 2011 16:40:32 +0100
User-Agent: KMail/1.13.7 (Linux/2.6.39-gentoo-r3; KDE/4.6.5; x86_64; ; )
References: <201110221227.43568.michaelkintzios@gmail.com> <4EA2AC79.5050102@binarywings.net> <20111022162220.7e7a7f77@toxic.dbnet>
In-Reply-To: <20111022162220.7e7a7f77@toxic.dbnet>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart5170837.ReisxGGasi";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <201110221640.53390.michaelkintzios@gmail.com>
X-Archives-Salt: 
X-Archives-Hash: c2c4841933446c8eacfff12f0460e210

--nextPart5170837.ReisxGGasi
Content-Type: Text/Plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Saturday 22 Oct 2011 15:22:20 Jonas de Buhr wrote:
> On Sat, 22 Oct 2011 13:43:53 +0200 Florian Philipp <lists@binarywings.net> wrote:
> > On 22.10.2011 13:29, Nilesh Govindarajan wrote:
> > > On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote:
> > >> Hi All,
> > >>
> > >> I'm asked for a desktop antivirus (the box is running KDE) but I
> > >> have never used an antivirus on Linux.  This page that I googled
> > >> up shows a number of them:
> > >>
> > >>   http://www.makeuseof.com/tag/free-linux-antivirus-programs/
> > >>
> > >> Meanwhile, portage only lists clamav under app-antivirus/.
> > >>
> > >> The machine in question is running kmail to receive/send messages
> > >> from ISP mail servers and ssmtp to send log messages for relaying
> > >> via said ISP.
> > >>
> > >> What have you tried and what would you recommend for such a
> > >> desktop setup?
> > >
> > > IMHO, you don't need antivirus on a Linux box, unless you're going
> > > to run a mail relay, where you are responsible for saving recipients
> > > from viruses.
> >
> > I agree. Check that your ISP performs virus checks. If not or if you
> > want to be extra sure, I think kmail can work with clamav -- at least
> > it could in the old 3.x days when I still used it.
> >
> > > The simplest reason of all is, Linux doesn't know how to execute
> > > Windows binaries.
> >
> > Well, this is an oversimplification.
> > 1) Any box running Wine is possibly as exposed to your classic
> > pretty-women.exe mail attachments as any windows systems.
> > 2) You should also be worried about Open/LibreOffice macro viruses as
> > well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla
> > based exploits.
>
> or image rendering library bugs. or mono. or tricky multi-platform
> viruses/worms. saying that linux based viruses don't exist is simply
> wrong. there may not be much in the wild, but they definitely are out
> there.
>
> it is probably more difficult to write a successful virus for linux
> than for windows for a number of reasons but in principle the problem is
> the same as on windows.
> i think the main technical reason is the heterogeneity of the
> installations. one or two local exploits and you can hit almost any
> windows XP installation. in linux you have to deal with n combinations
> of kernel-version, glibc-version, etc. and there is very little you can
> depend on to be in a fixed location in memory since different compiler
> options may already change that. there are ways around all this of
> course[1], but it's a lot of work. too much for the limited impact.
> also, a lot of malware seems to depend on social engineering for
> infection these days. i think that's going to work less well on a lot of
> linux users because the system conditions you to think before you act.
>
> that aside, i predict that we will see some linux viruses or worms with
> larger infections in the future. i guess the first ones will be for
> ubuntu because it has a large base of rather consistent base
> installations.
>
> /jonas
>
> --
>
> [1] fun idea: something exploiting bugs in the usb storage subsystem or
> file system handling code spreading to usb sticks. you could probably
> even make that multi-platform if you find the needed bugs for different
> OSes.
>
> > Still, keeping your system up-to-date and observing the freshly
> > revived GLSA notifications is more likely to save your butt than
> > clamav.

Thanks guys, good points.

The USB vector reminds me of stuxnet, although this I understand was designed
to infect Iranian MSWindows boxen.

Anyway, the use case in point is to protect other MSWindows OS' when
sending/forwarding office and pdf documents.  So the user would like to be able
to scan emails as they come in/sent out.

Will clamav do this with KDE4?
--
Regards,
Mick

--nextPart5170837.ReisxGGasi
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iEYEABECAAYFAk6i5AUACgkQVTDTR3kpaLZG8wCgm6tvAfv380veDvOizhAn526c
75AAoNZFzFB6gTXDjoStGgMcho3ZEswv
=0oOA
-----END PGP SIGNATURE-----

--nextPart5170837.ReisxGGasi--